Assets Server API - URL request secrets

Request secrets are encrypted codes that can be added to the thumbnail and preview URLs returned by the API search results. These are useful when the search results are transformed to HTML by an intermediary (such as PHP or XSLT) and are served to a Web browser.

When to use them?

In this case, the Web browser that will be loading the thumbnail and preview URLs will not be authenticated with the server. The PHP script is authenticated, but the Web browser that displays the actual page is not authenticated and will not be able to access the thumbnails and previews on the server.

All SOAP search results have request secrets added to their URLs by default. For REST searches, you can enable them when needed.

What happens?

To allow the Web browser to load the thumbnails and previews, Assets Server can append an encrypted code to the thumbnails and previews URLs so any Web browser that loads those URLs will be automatically authenticated with the same permissions as the original user that was used to perform the API search call.

The request secrets added to the URLs are valid for 30 minutes after the original search request, which should be sufficient for the client Web browser to load them. After 30 minutes, the client should re-execute the search to fetch fresh URLs if it still needs them.